Simply compile and link your program with -fsanitize=address flag. The
AddressSanitizer run-time library should be linked to the final executable, so
make sure to use clang (not ld) for the final link step. When linking
shared libraries, the AddressSanitizer run-time is not linked, so
-Wl,-z,defs may cause link errors (don’t use it with AddressSanitizer). To
get a reasonable performance add -O1 or higher. To get nicer stack traces
in error messages add -fno-omit-frame-pointer. To get perfect stack traces
you may need to disable inlining (just use -O1) and tail call elimination
(-fno-optimize-sibling-calls).

Fixing bugs becomes unavoidable. AddressSanitizer does not produce
false alarms. Once a memory corruption occurs, the program is in an inconsistent
state, which could lead to confusing results and potentially misleading
subsequent reports.

If your process is sandboxed and you are running on OS X 10.10 or earlier, you
will need to set DYLD_INSERT_LIBRARIES environment variable and point it to
the ASan library that is packaged with the compiler used to build the
executable. (You can find the library by searching for dynamic libraries with
asan in their name.) If the environment variable is not set, the process will
try to re-exec. Also keep in mind that when moving the executable to another machine,
the ASan library will also need to be copied over.

If that does not work for you (e.g. your process is sandboxed), you can use a
separate script to symbolize the result offline (online symbolization can be
force disabled by setting ASAN_OPTIONS=symbolize=0):

AddressSanitizer can optionally detect dynamic initialization order problems,
when initialization of globals defined in one translation unit uses
globals defined in another translation unit. To enable this check at runtime,
you should set environment variable
ASAN_OPTIONS=check_initialization_order=1.

Runtime interposition allows AddressSanitizer to find bugs in code that is
not being recompiled. If you run into an issue in external libraries, we
recommend immediately reporting it to the library maintainer so that it
gets addressed. However, you can use the following suppression mechanism
to unblock yourself and continue on with the testing. This suppression
mechanism should only be used for suppressing issues in external code; it
does not work on code recompiled with AddressSanitizer. To suppress errors
in external libraries, set the ASAN_OPTIONS environment variable to point
to a suppression file. You can either specify the full path to the file or the
path of the file relative to the location of your executable.

ASAN_OPTIONS=suppressions=MyASan.supp

Use the following format to specify the names of the functions or libraries
you want to suppress. You can see these in the error report. Remember that
the narrower the scope of the suppression, the more bugs you will be able to
catch.

Some code should not be instrumented by AddressSanitizer. One may use the
function attribute __attribute__((no_sanitize("address"))) (which has
deprecated synonyms no_sanitize_address and no_address_safety_analysis) to
disable instrumentation of a particular function. This attribute may not be
supported by other compilers, so we suggest to use it together with
__has_feature(address_sanitizer).

AddressSanitizer supports src and fun entity types in
Sanitizer special case list, that can be used to suppress error reports
in the specified source files or functions. Additionally, AddressSanitizer
introduces global and type entity types that can be used to
suppress error reports for out-of-bound access to globals with certain
names and types (you may only specify class or struct types).

You may use an init category to suppress reports about initialization-order
problems happening in certain source files or with certain global variables.

# Suppress error reports for code in a file or in a function:
src:bad_file.cpp
# Ignore all functions with names containing MyFooBar:
fun:*MyFooBar*
# Disable out-of-bound checks for global:
global:bad_array
# Disable out-of-bound checks for global instances of a given class ...type:Namespace::BadClassName
# ... or a given struct. Use wildcard to deal with anonymous namespace.type:Namespace2::*::BadStructName
# Disable initialization-order checks for globals:
global:bad_init_global=init
type:*BadInitClassSubstring*=init
src:bad/init/files/*=init